Appendix A - LDAP: OID

An OID (Object Identifier) is a globally unique number that identifies objects. Globally unique means there exists a single authority in the known universe that is responsible for the definition of the object and its functionality - this authority can be an international standards group, a national organization or a private enterprise as discussed below. The OID definition, when followed to its source, will contain two pieces of information: a textual description and some ASN.1 SYNTAX which provides a formal definition of the object.

OIDs are defined within the ITU-T's Abstract Syntax Notation One (ASN.1).

The OID tree is organised from the LEFT so the left-most character is the highest level in the tree and indicates the international organisation that is responsible for delegating assignment of the following numbers. The highest level may take one of the following values:

The whole numbering assignment process may be found using this site. This note only reviews the more significant OIDs used in LDAP and their delegation route.

2.5.x OIDs

The base OID 2.5 was assigned by itu-iso (from the table above) to the X.500 study group so that numbers starting with 2.5 e.g. 2.5.6.x or 2.5.4.x are allocated (and defined) by this standardization group.

1.3.6.1.4.1.x OIDs

The base OID of 1.3.6.1.4.1 is the internet's private enterprise numbering sequence which is assigned by IANA. Any organisation can apply for an enterprise number. Values to the RIGHT of this number may then be assigned by the delegated organisation at its own discretion. This number can be written as iso.org.dod.internet.private.enterprise which substitutes names for the numbers and makes more sense - the translation is defined in RFCs 2578 - 2580.

OIDs of 1.3.6.1.4.1.4203 are assigned by OpenLDAP. Many OIDs used by OpenLDAP are of the form 1.3.6.1.4.1.1446 which one assumes are historical and date back to the original LDAP specifications before establishment of the OpenLDAP organization. Just another of life's mysteries.

If new objectclasses or attributes are required this delegation route is most commonly used. It is a Very Bad Thing™ to re-use existing OIDs or to invent a number - one day it will catch you out.

OIDs are used by a number of IETF protocols including SNMP. There is no rule for allocating OIDs within a namespace but we suggest that the first digit within an enterprise number (the arc) be used to identify the protocol and then assign objects within the protocol e.g.:

1.2.840.x and 2.16.840.x OIDs

The base OID 1.2.840 was assigned by iso to a member-country (2) and then usa (840) which can then assign values to organizations.

The base OID 2.16.840 is a variation of country allocation and derives from joint-iso-itu (2), country (16) and usa (840).
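Added example (not part of the original page or of any project's code): a small Python audit that maps an OID to the delegation routes described above and flags schema definitions that re-use an OID or sit outside the organisation's own enterprise arc. The enterprise number 99999 and the attribute names are constructed placeholders; arcs are compared as integer tuples so that 1.3.6.1.4.1.999990 is not mistaken for a child of 1.3.6.1.4.1.99999.

```python
import re

# Base arcs and their delegating authority, as described in this appendix.
BASE_ARCS = {
    "2.5": "X.500 standardization group",
    "1.3.6.1.4.1": "IANA private enterprise numbers",
    "1.2.840": "iso member-country, usa",
    "2.16.840": "joint-iso-itu country, usa",
}
OID_RE = re.compile(r"(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*))+")  # no leading zeros

def parse_oid(oid):
    """Return the OID as a tuple of ints, or raise ValueError if malformed."""
    if not OID_RE.fullmatch(oid):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    return tuple(int(arc) for arc in oid.split("."))

def delegation_route(oid):
    """Return the base arc from BASE_ARCS that this OID sits under, or None."""
    arcs = parse_oid(oid)
    matches = [b for b in BASE_ARCS if arcs[:len(parse_oid(b))] == parse_oid(b)]
    return max(matches, key=len, default=None)

def audit_schema(definitions, own_enterprise):
    """Flag re-used OIDs and OIDs outside the organisation's own enterprise arc.

    definitions: list of (name, oid); own_enterprise: IANA enterprise number.
    """
    own = parse_oid("1.3.6.1.4.1") + (own_enterprise,)
    seen, findings = {}, []
    for name, oid in definitions:
        arcs = parse_oid(oid)
        if arcs in seen:
            findings.append((name, f"re-uses OID of {seen[arcs]}"))
        seen.setdefault(arcs, name)
        if arcs[:len(own)] != own:  # tuple compare, not a string prefix test
            findings.append((name, f"outside own arc (base: {delegation_route(oid)})"))
    return findings

# Constructed sample: 99999 is a placeholder enterprise number, names are hypothetical.
SAMPLE = [
    ("exampleBadge", "1.3.6.1.4.1.99999.1.1"),
    ("exampleDesk", "1.3.6.1.4.1.99999.1.1"),    # same OID assigned twice
    ("exampleTitle", "2.5.4.12"),                # number taken from the 2.5 arc
    ("exampleShift", "1.3.6.1.4.1.999990.1.2"),  # looks like a prefix match, is not
]

if __name__ == "__main__":
    for name, problem in audit_schema(SAMPLE, 99999):
        print(f"{name}: {problem}")
```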

Using this wonderful site the OID delegation route and the object definition may be identified. Note: Many of the OIDs at the site reference additional information at oid.elibel.tm.fr - this site seems to have been discontinued and morphed into a re-incarnation at www.oid-info.com. To get from an invalid URL reference to the new site simply edit the URL beginning with oid.elibel.tm.fr and replace this string with www.oid-info.com/get and remove the .html from the end of the URL. Alternatively - and perhaps quicker - use the basic search page (using previous link) and repeat the search!
